OpenChain Specification 1.1 Makes Compliance Easier for Everyone in the Open Source Software Supply Chain
The Linux Foundation | 27 April 2017
BARCELONA, Spain (Free Software Legal and Licensing Workshop), April 27, 2017 — The Linux Foundation® today announced the OpenChain™ Specification 1.1 and an accompanying Online Self-Certification service. These allow organizations of every size to ensure consistent compliance management processes in the open source supply chain. The OpenChain Project is proud to welcome Siemens, Qualcomm, Pelagicore and Wind River as the first four organizations to self-certify to the OpenChain Specification 1.1.
The OpenChain Project is a community effort to establish best practices for effective management of open source software compliance. The project aims to help reduce costs and duplication of effort, and to ease friction points in the software supply chain. The OpenChain Project has three Work Teams that collaborate to refine the OpenChain Specification, develop training materials and create conformance criteria for organizations. For additional information about the project and a list of supporting organizations, visit https://www.openchainproject.org/.
“Today OpenChain evolves from being a refined, active project into a standard ready for broad market adoption,” said Shane Coughlan, OpenChain Program Manager. “Thanks to the hard work of our contributors we have exceptional new services to offer the community. Our improved Specification makes understanding compliance processes easier. Our free Online Self-Certification makes reviewing these requirements simpler. Our refined Curriculum makes using best practices accessible to everyone.”
The OpenChain Project builds trust in open source by making things simpler, more efficient and more consistent. The Specification creates trust between organizations. The Conformance allows new organizations to join the circle of trust. The Curriculum supports implementation by entities of any size. The result is that open source becomes predictable, understandable and optimized for internal and external supply chains of any type.
“The OpenChain Project is about open source compliance across the many entities in the modern IT supply chain,” said Kate Stewart, Senior Director of Strategic Programs, The Linux Foundation. “The long-established SPDX Project addresses the question of ‘how do you trust the contents of a software package?’ The OpenChain Project addresses the question of ‘how do you trust companies in a supply chain?’ The updated OpenChain material and Online Self-Certification provide the best answer in the market.”
Transparent Compliance Processes Build Trust
“We want to make open source compliance as accessible as possible to all sizes of organizations, and allow everyone to participate in an efficient supply chain ecosystem that allows process transparency and, importantly, compliance with open source licenses,” said Dave Marr, Chair of the OpenChain Governing Board and Vice President, Legal of Qualcomm Technologies. “By defining the criteria for what we mean by good compliance processes, we create the basis for each of us to trust the compliance work done by each other.”
“Organizations can only build trust in other entities when they have the opportunity to demonstrate the way they are handling open source software meets the criteria of a good compliance process,” said Dr. Miriam Ballhausen, OpenChain Conformance Work Team Lead. “With the Online Self-Certification Web App, the OpenChain Project created a tool that allows organizations to demonstrate just that and potential partners to check their suppliers’ OpenChain conformance.”
“Today most successful commercial software solutions are built using open source software,” noted Mark Gisi, Wind River’s Director of Open Source Programs and OpenChain Specification Team Lead. “The OpenChain Specification provides the trust and assurance that an organization is able to effectively manage the open source from which their solutions are comprised. The latest version of the Specification represents the work of more than a hundred contributors. It is from this collaborative effort we obtain the assurance the specification defines the requirements every quality compliance program must satisfy.”
Additional Resources
- Specification: https://www.openchainproject.org/spec
- Online Self-Certification: https://www.openchainproject.org/conformance
- Curriculum: https://www.openchainproject.org/curriculum
- FAQ: https://www.openchainproject.org/faq
About The Linux Foundation
The Linux Foundation is the organization of choice for the world’s top developers and companies to build ecosystems that accelerate open technology development and commercial adoption. Together with the worldwide open source community, it is solving the hardest technology problems by creating the largest shared technology investment in history. Founded in 2000, The Linux Foundation today provides tools, training and events to scale any open source project, which together deliver an economic impact not achievable by any one company. More information can be found at www.linuxfoundation.org.
# # #
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage.
Linux is a registered trademark of Linus Torvalds.